Splunk Default Administrator Credentials (splunkd)

high Nessus Plugin ID 49072

Synopsis

The remote web server contains an application that is protected using default administrator credentials.

Description

The version of Splunk hosted on the remote web server uses a default set of credentials for the default administrator account. A remote attacker can exploit this to gain administrative access to the application.

Solution

Change the administrator password either by logging into the Splunk Web Manager or by using the CLI command 'splunk edit user'.

See Also

http://www.nessus.org/u?46e3469c

Plugin Details

Severity: High

ID: 49072

File Name: splunkd_default_creds.nasl

Version: 1.15

Type: remote

Family: CGI abuses

Published: 9/1/2010

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:splunk:splunk

Required KB Items: installed_sw/Splunk

Excluded KB Items: global_settings/supplied_logins_only, www/splunk/default_creds